diff --git a/.gitignore b/.gitignore
index 0fb2e48e..d46b0048 100644
--- a/.gitignore
+++ b/.gitignore
@@ -78,3 +78,57 @@ chart/charts
 
 #Docker
 DockerData/
+
+
+
+########################################## Terraform ##########################################
+# Terraform State files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore override files as they are usually used to override resources locally
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# .terraform directory is used by Terraform to store module and provider caches
+.terraform/
+
+# Ignore any plan files
+*.tfplan
+
+# Ignore variables files that may contain sensitive information
+*.tfvars
+*.tfvars.json
+
+# Ignore local environment files
+.terraform.lock.hcl
+
+# Ignore backup files
+*.backup
+
+# Ignore editor specific files
+# Examples for Visual Studio Code, IntelliJ IDEA, etc.
+.vscode/
+.idea/
+
+# Ignore Mac OS specific files
+.DS_Store
+
+# Ignore Linux and Unix specific files
+*.swp
+*.swo
+
+#Ignore Pem File
+*.pem
+
+#Ignore Aws Cred
+*/.aws/credentials
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 80d6f5a9..8eb5f1b3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -34,22 +34,6 @@ repos:
         language: python
         types: [text]
 
-      - id: check-executables-have-shebangs
-        name: check that executables have shebangs
-        description: ensures that (non-binary) executables have a shebang.
-        entry: check-executables-have-shebangs
-        language: python
-        types: [text, executable]
-        stages: [commit, push, manual]
-
-      - id: check-shebang-scripts-are-executable
-        name: check that scripts with shebangs are executable
-        description: ensures that (non-binary) files with a shebang are executable.
-        entry: check-shebang-scripts-are-executable
-        language: python
-        types: [text]
-        stages: [commit, push, manual]
-
       - id: check-json
         name: check json
         description: checks json files for parseable syntax.
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 00000000..ae0c0ddb
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,76 @@
+# Modules
+
+# VPC
+module "step1" {
+  source              = "./step1/"
+  aws_region          = var.aws_region
+  vpc_name            = var.vpc_name
+  vpc_cidr_block      = var.vpc_cidr_block
+  vpc_private_subnets = var.vpc_private_subnets
+  vpc_public_subnets  = var.vpc_public_subnets
+  availability_zones  = var.availability_zones
+  project_name        = var.project_name
+}
+
+# ECR - KMS - IAM Roles/Policies - S3 - SECURITY GROUPS
+module "step2" {
+  source             = "./step2/"
+  project_name       = var.project_name
+  aws_account        = var.aws_account
+  aws_region         = var.aws_region
+  vpc_name           = var.vpc_name
+  vpc_id             = module.step1.vpc_id
+  s3_bucket_name     = var.s3_bucket_name
+  ecs_task_role_name = var.ecs_task_role_name
+  depends_on         = [module.step1]
+}
+
+# ECR
+module "step3" {
+  source     = "./step3/"
+  ecr_names  = var.ecr_names
+  kms_key    = module.step2.kms_key.arn
+  depends_on = [module.step2]
+}
+
+# EC2 - REDIS - POSTGRESQL
+module "step4" {
+  source                    = "./step4/"
+  public_ec2_instance_ami   = var.public_ec2_instance_ami
+  private_ec2_instance_ami  = var.private_ec2_instance_ami
+  project_name              = var.project_name
+  vpc_name                  = var.vpc_name
+  vpc_private_subnets       = module.step1.private_subnets_id
+  vpc_public_subnets        = module.step1.public_subnets_id
+  ec2_sec_grp               = module.step2.ec2_sec_grp.id
+  psql_sec_grp              = module.step2.psql_sec_grp.id
+  docdb_sec_grp             = module.step2.docdb_sec_grp.id
+  redis_sec_grp             = module.step2.redis_sec_grp.id
+  # document_db_root_username = var.document_db_root_username
+  # document_db_root_password = var.document_db_root_password
+  postgresql_root_username  = var.postgresql_root_username
+  postgresql_root_password  = var.postgresql_root_password
+}
+
+# ECS - EFS - ALB
+module "step6" {
+  source                    = "./step6/"
+  project_name              = var.project_name
+  aws_account               = var.aws_account
+  aws_region                = var.aws_region
+  vpc_name                  = var.vpc_name
+  vpc_id                    = module.step1.vpc_id
+  vpc_private_subnets       = module.step1.private_subnets_id
+  vpc_public_subnets        = module.step1.public_subnets_id
+  vpc_private_subnets_count = var.vpc_private_subnets
+  ecs_cluster_name          = var.ecs_cluster_name
+  ecs_loadbalancer_name     = var.ecs_loadbalancer_name
+  ecs_task_role_name        = module.step2.ecs_final_role_name
+  ecs_sec_grp               = module.step2.ecs_sec_grp.id
+  alb_logs_s3_bucket        = module.step2.alb_logs_s3_bucket.id
+  kms_key                   = module.step2.kms_key.arn
+  load_balancer_sec_grp     = module.step2.load_balancer_sec_grp.id
+  SSL_certificate_arn       = var.SSL_certificate_arn
+  s3_bucket_name            = var.s3_bucket_name
+  depends_on                = [module.step4]
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
new file mode 100644
index 00000000..80956c24
--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,12 @@
+output "postgres_endpoint" {
+  value = module.step4.postgres_endpoint.address
+}
+
+
+#output "private_subnets" {
+#  value = module.step1.private_subnets_id
+#}
+
+#output "kms_key_arn" {
+#  value = module.step2.kms_key.arn
+#}
diff --git a/terraform/providers.tf b/terraform/providers.tf
new file mode 100644
index 00000000..e67bcf86
--- /dev/null
+++ b/terraform/providers.tf
@@ -0,0 +1,28 @@
+# Terraform provider
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.67.0"
+    }
+  }
+}
+
+provider "aws" {
+  # region and profile is for the architecture
+  region                   = "ap-south-1"
+  shared_credentials_files = ["${path.module}/.aws/credentials"]
+  profile                  = "default"
+
+
+  default_tags {
+    tags = {
+      Environment = "NAXA-DTM"
+      Application = "DTM"
+      Team        = "NAXA-Developers"
+      Creator     = "NAXA"
+      Owner       = "NAXA"
+    }
+  }
+}
diff --git a/terraform/step1/VPC.tf b/terraform/step1/VPC.tf
new file mode 100644
index 00000000..cc298884
--- /dev/null
+++ b/terraform/step1/VPC.tf
@@ -0,0 +1,136 @@
+# CREATE VPC
+resource "aws_vpc" "project_vpc" {
+  cidr_block                           = var.vpc_cidr_block
+  enable_dns_hostnames                 = true
+  enable_network_address_usage_metrics = true
+  enable_dns_support                   = true
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}"
+  }
+}
+
+# CREATE INTERNET GATEWAY for the public subnets
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.project_vpc.id
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-igw"
+  }
+}
+
+# CREATE ELASTIC IP for nat
+resource "aws_eip" "nat_eip" {
+  vpc = true
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-eip"
+  }
+  depends_on = [aws_internet_gateway.igw]
+}
+
+# CREATE NAT GATEWAY
+resource "aws_nat_gateway" "nat_gateway" {
+  allocation_id = aws_eip.nat_eip.id
+  subnet_id     = aws_subnet.public_subnet[0].id
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-nat"
+  }
+  depends_on = [aws_internet_gateway.igw]
+}
+
+
+
+# ========================== PRIVATE SUBNETS ======================= #
+
+# Create Private Subnets
+resource "aws_subnet" "private_subnet" {
+  count                   = length(var.vpc_private_subnets)
+  vpc_id                  = aws_vpc.project_vpc.id
+  cidr_block              = var.vpc_private_subnets[count.index]
+  availability_zone       = var.availability_zones[count.index % length(var.availability_zones)]
+  map_public_ip_on_launch = false
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-private-subnet-${count.index}"
+  }
+}
+
+# ROUTE TABLES for private Subnets
+resource "aws_route_table" "private_route_table" {
+  vpc_id = aws_vpc.project_vpc.id
+  tags = {
+    Name = "${var.vpc_name}-private-route-table"
+  }
+}
+
+resource "aws_route" "private_nat_gateway" {
+  route_table_id         = aws_route_table.private_route_table.id
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.nat_gateway.id
+}
+
+resource "aws_route_table_association" "private_subnet_association" {
+  count          = length(aws_subnet.private_subnet)
+  route_table_id = aws_route_table.private_route_table.id
+  subnet_id      = aws_subnet.private_subnet[count.index].id
+}
+
+
+
+# ========================== PUBLIC SUBNETS ======================= #
+
+#Create Public Subnets
+resource "aws_subnet" "public_subnet" {
+  count                   = length(var.vpc_public_subnets)
+  cidr_block              = var.vpc_public_subnets[count.index]
+  vpc_id                  = aws_vpc.project_vpc.id
+  availability_zone       = var.availability_zones[count.index % length(var.availability_zones)]
+  map_public_ip_on_launch = false
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-public-subnet-${count.index}"
+  }
+}
+
+# ROUTE TABLES for public Subnets
+resource "aws_route_table" "public_route_table" {
+  vpc_id = aws_vpc.project_vpc.id
+  tags = {
+    Name = "${var.vpc_name}-public-route-table"
+  }
+}
+
+resource "aws_route" "public_internet_gateway" {
+  route_table_id         = aws_route_table.public_route_table.id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.igw.id
+}
+
+resource "aws_route_table_association" "public_subnet_association" {
+  count          = length(aws_subnet.public_subnet)
+  subnet_id      = aws_subnet.public_subnet[count.index].id
+  route_table_id = aws_route_table.public_route_table.id
+}
+
+
+
+# ========================== DEFAULT SG ======================= #
+
+# VPC's Default Security Group
+resource "aws_security_group" "default" {
+  name        = "${var.vpc_name}-default-sg"
+  description = "Default security group to allow inbound/outbound from the VPC"
+  vpc_id      = aws_vpc.project_vpc.id
+  ingress {
+    from_port = "0"
+    to_port   = "0"
+    protocol  = "-1"
+    self      = true
+  }
+  egress {
+    from_port = "0"
+    to_port   = "0"
+    protocol  = "-1"
+    self      = "true"
+  }
+  tags = {
+    Name = "${var.vpc_name}-default-sg"
+  }
+  depends_on = [aws_vpc.project_vpc]
+}
diff --git a/terraform/step1/output.tf b/terraform/step1/output.tf
new file mode 100644
index 00000000..02b64e45
--- /dev/null
+++ b/terraform/step1/output.tf
@@ -0,0 +1,19 @@
+output "vpc_id" {
+  value = aws_vpc.project_vpc.id
+}
+
+output "private_subnets_id" {
+  value = aws_subnet.private_subnet.*.id
+}
+
+output "public_subnets_id" {
+  value = aws_subnet.public_subnet.*.id
+}
+
+output "private_route_table_id" {
+  value = aws_route_table.private_route_table.id
+}
+
+output "public_route_table_id" {
+  value = aws_route_table.public_route_table.id
+}
diff --git a/terraform/step1/variables.tf b/terraform/step1/variables.tf
new file mode 100644
index 00000000..3b381473
--- /dev/null
+++ b/terraform/step1/variables.tf
@@ -0,0 +1,29 @@
+#VARIABLES
+
+variable "aws_region" {
+  type = string
+}
+
+variable "project_name" {
+  type = string
+}
+
+variable "vpc_name" {
+  type = string
+}
+
+variable "vpc_cidr_block" {
+  type = string
+}
+
+variable "vpc_private_subnets" {
+  type = list(string)
+}
+
+variable "vpc_public_subnets" {
+  type = list(string)
+}
+
+variable "availability_zones" {
+  type = list(string)
+}
diff --git a/terraform/step2/IAM_ec2_policy.tf b/terraform/step2/IAM_ec2_policy.tf
new file mode 100644
index 00000000..49153cd6
--- /dev/null
+++ b/terraform/step2/IAM_ec2_policy.tf
@@ -0,0 +1,98 @@
+#################################
+# EC2 Instance Profile and Policy
+
+resource "aws_iam_role" "ec2_role" {
+  name               = "${var.project_name}-ec2-role"
+  assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
+  tags = {
+    Name = "${var.project_name}-ec2-role"
+  }
+}
+
+resource "aws_iam_policy" "ec2_policy" {
+  name        = "${var.project_name}-ec2-policy"
+  description = "Instance profile policy for EC2"
+  policy      = data.aws_iam_policy_document.ec2_instance_profile.json
+  tags = {
+    Name = "${var.project_name}-ec2-policy"
+  }
+}
+
+resource "aws_iam_role_policy_attachment" "ec2_attachment" {
+  role       = aws_iam_role.ec2_role.name
+  policy_arn = aws_iam_policy.ec2_policy.arn
+}
+
+resource "aws_iam_instance_profile" "ec2_instance_profile" {
+  name = "${var.project_name}-ec2-profile"
+  role = "${var.project_name}-ec2-role"
+}
+
+# ===================== DATA POLICY ============================
+
+data "aws_iam_policy_document" "ec2_assume_role" {
+  statement {
+    sid     = "GenericAssumeRoleEC2"
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "ec2_instance_profile" {
+  statement {
+    sid       = "EC2InstanceProfilePolicy"
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "kms:Decrypt",
+      "kms:GenerateDataKey",
+      "s3:GetEncryptionConfiguration",
+      "ssm:DescribeParameters",
+      "ssm:GetParameters",
+      "ssm:UpdateInstanceInformation",
+      "ssmmessages:CreateControlChannel",
+      "ssmmessages:CreateDataChannel",
+      "ssmmessages:OpenControlChannel",
+      "ssmmessages:OpenDataChannel",
+    ]
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+      "logs:DescribeLogGroups",
+      "logs:DescribeLogStreams",
+    ]
+  }
+
+  statement {
+    sid    = ""
+    effect = "Allow"
+
+    resources = [
+      "arn:aws:s3:::${var.s3_bucket_name}/*",
+      "arn:aws:s3:::${var.s3_bucket_name}",
+    ]
+
+    actions = [
+      "s3:ListBucket",
+      "s3:PutObject",
+      "s3:GetEncryptionConfiguration",
+      "s3:GetObject",
+      "s3:GetObjectVersion",
+      "s3:DeleteObject",
+      "s3:DeleteObjectVersion",
+    ]
+  }
+}
diff --git a/terraform/step2/IAM_ecs_policy.tf b/terraform/step2/IAM_ecs_policy.tf
new file mode 100644
index 00000000..b656a705
--- /dev/null
+++ b/terraform/step2/IAM_ecs_policy.tf
@@ -0,0 +1,128 @@
+###########################
+# ECS Role and Policy
+
+resource "aws_iam_role" "ecs_role" {
+  name               = var.ecs_task_role_name
+  assume_role_policy = data.aws_iam_policy_document.ecs_assume_role.json
+  tags = {
+    Name = "${var.ecs_task_role_name}"
+  }
+}
+
+resource "aws_iam_policy" "ecs_policy" {
+  name        = "${var.project_name}-ecs-policy"
+  description = "ECS policy for ${var.ecs_task_role_name}"
+  policy      = data.aws_iam_policy_document.ecs_policy.json
+  tags = {
+    Name = "${var.project_name}-ecs-policy"
+  }
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_attachment_1" {
+  role       = aws_iam_role.ecs_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_attachment_2" {
+  role       = aws_iam_role.ecs_role.name
+  policy_arn = aws_iam_policy.ecs_policy.arn
+}
+
+# ===================== DATA POLICY ============================
+
+data "aws_iam_policy_document" "ecs_assume_role" {
+  statement {
+    sid     = "GenericAssumeRoleEC2"
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ecs-tasks.amazonaws.com"]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "ecs_policy" {
+  statement {
+    sid    = "ECSs3Bucket"
+    effect = "Allow"
+
+    resources = [
+      "arn:aws:s3:::${var.s3_bucket_name}/*",
+      "arn:aws:s3:::${var.s3_bucket_name}",
+    ]
+
+    actions = [
+      "s3:ListBucket",
+      "s3:PutObject",
+      "s3:GetEncryptionConfiguration",
+      "s3:GetObject",
+      "s3:GetObjectVersion",
+      "s3:DeleteObject",
+      "s3:DeleteObjectVersion",
+    ]
+  }
+
+  statement {
+    sid       = "ECSssmMessages"
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "ssmmessages:CreateControlChannel",
+      "ssmmessages:CreateDataChannel",
+      "ssmmessages:OpenControlChannel",
+      "ssmmessages:OpenDataChannel",
+    ]
+  }
+
+  statement {
+    sid       = "ECSssm"
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "ssm:UpdateInstanceInformation",
+      "ssm:DescribeParameters",
+      "ssm:GetParameters",
+    ]
+  }
+
+  statement {
+    sid       = "ECSlogs"
+    effect    = "Allow"
+    resources = ["arn:aws:logs:*:*:*"]
+
+    actions = [
+      "logs:CreateLogGroup",
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+      "logs:DescribeLogStreams",
+    ]
+  }
+
+  statement {
+    sid       = "ECScloudwatch"
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "cloudwatch:PutMetricData",
+      "cloudwatch:GetMetricData",
+      "cloudwatch:ListMetrics",
+    ]
+  }
+
+  statement {
+    sid       = "ECSotherPermissions"
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "elasticfilesystem:*",
+      "secretsmanager:GetSecretValue",
+      "kms:Decrypt",
+    ]
+  }
+}
diff --git a/terraform/step2/KMS.tf b/terraform/step2/KMS.tf
new file mode 100644
index 00000000..c7cedf3a
--- /dev/null
+++ b/terraform/step2/KMS.tf
@@ -0,0 +1,16 @@
+# KMS key for ECR encryption
+resource "aws_kms_key" "encryption_key_ecr" {
+  description             = "KMS ECR key 1"
+  key_usage               = "ENCRYPT_DECRYPT"
+  deletion_window_in_days = 7
+  is_enabled              = true
+  enable_key_rotation     = true
+  tags = {
+    "Name" = "${var.project_name}-ecr-key"
+  }
+}
+
+resource "aws_kms_alias" "kms_alias_ecr" {
+  name          = "alias/${var.project_name}-ecr-key"
+  target_key_id = aws_kms_key.encryption_key_ecr.key_id
+}
diff --git a/terraform/step2/S3.tf b/terraform/step2/S3.tf
new file mode 100644
index 00000000..3f7b88e7
--- /dev/null
+++ b/terraform/step2/S3.tf
@@ -0,0 +1,54 @@
+# CREATE S3 Bucket
+resource "aws_s3_bucket" "s3_bucket" {
+  bucket = var.s3_bucket_name
+  tags = {
+    Name = "${var.s3_bucket_name}"
+  }
+}
+
+
+resource "aws_s3_bucket" "alb_logs_s3_bucket" {
+  bucket = "${var.s3_bucket_name}-alb-logs"
+  tags = {
+    Name = "${var.s3_bucket_name}-alb-logs"
+  }
+}
+
+resource "aws_s3_bucket_policy" "allow_loadbalancer_to_logs_bucket" {
+  bucket = aws_s3_bucket.alb_logs_s3_bucket.id
+  policy = data.aws_iam_policy_document.allow_loadbalancer_to_logs_bucket.json
+}
+
+data "aws_iam_policy_document" "allow_loadbalancer_to_logs_bucket" {
+  statement {
+    principals {
+      type        = "AWS"
+      identifiers = ["arn:aws:iam::718504428378:root"]
+      # Here Change identifier "718504428378" on basis of loadbalancer region
+      # We're using 718504428378 as our loadbalancer is on region ap-south-1
+    }
+
+    actions = [
+      "s3:PutObject",
+    ]
+
+    resources = [
+      "${aws_s3_bucket.alb_logs_s3_bucket.arn}/*",
+    ]
+  }
+  statement {
+    principals {
+      type        = "Service"
+      identifiers = ["delivery.logs.amazonaws.com"]
+    }
+
+    actions = [
+      "s3:GetBucketAcl",
+    ]
+
+    resources = [
+      "${aws_s3_bucket.alb_logs_s3_bucket.arn}"
+    ]
+  }
+
+}
diff --git a/terraform/step2/SecurityGroups.tf b/terraform/step2/SecurityGroups.tf
new file mode 100644
index 00000000..3998a8dc
--- /dev/null
+++ b/terraform/step2/SecurityGroups.tf
@@ -0,0 +1,170 @@
+# EC2 security group
+resource "aws_security_group" "ec2_sec_grp" {
+  name_prefix = "${var.project_name}-ec2_sec_grp"
+  description = "Allow ssh for EC2"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.project_name}-ec2_sec_grp"
+  }
+}
+
+# RDS security group
+resource "aws_security_group" "psql_sec_grp" {
+  name_prefix = "${var.project_name}-psql_sec_grp"
+  description = "Allow PostgreSQL access"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 5432
+    to_port     = 5432
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.project_name}-psql_sec_grp"
+  }
+}
+
+# Document DB Security group
+resource "aws_security_group" "doc_db_sec_grp" {
+  name_prefix = "${var.project_name}-doc_db_sec_grp"
+  description = "Allow Document DB access"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 27017
+    to_port     = 27017
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.project_name}-doc_db_sec_grp"
+  }
+}
+
+# ElastiCache Redis DB Security group
+resource "aws_security_group" "redis_sec_grp" {
+  name_prefix = "${var.project_name}-redis_sec_grp"
+  description = "Allow Elasticache"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 6379
+    to_port     = 6380
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.project_name}-redis_sec_grp"
+  }
+}
+
+# ECS security group
+resource "aws_security_group" "ecs_sec_grp" {
+  name_prefix = "${var.project_name}-ecs_sec_grp"
+  description = "Allow ECS traffic"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 9000
+    to_port     = 9000
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 8000
+    to_port     = 8000
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 8005
+    to_port     = 8005
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.project_name}-ecs_sec_grp"
+  }
+}
+
+# Load Balancer Security Group
+resource "aws_security_group" "load_balancer_sec_grp" {
+  name_prefix = "${var.project_name}-load_balancer_sec_grp"
+  description = "Allow ALB HTTP and HTTPS"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.project_name}-load_balancer_sec_grp"
+  }
+}
diff --git a/terraform/step2/output.tf b/terraform/step2/output.tf
new file mode 100644
index 00000000..6a055650
--- /dev/null
+++ b/terraform/step2/output.tf
@@ -0,0 +1,39 @@
+output "ec2_sec_grp" {
+  value = aws_security_group.ec2_sec_grp
+}
+
+output "psql_sec_grp" {
+  value = aws_security_group.psql_sec_grp
+}
+
+output "docdb_sec_grp" {
+  value = aws_security_group.doc_db_sec_grp
+}
+
+output "redis_sec_grp" {
+  value = aws_security_group.redis_sec_grp
+}
+
+output "ecs_sec_grp" {
+  value = aws_security_group.ecs_sec_grp
+}
+
+output "ecs_final_role_name" {
+  value = aws_iam_role.ecs_role.name
+}
+
+output "load_balancer_sec_grp" {
+  value = aws_security_group.load_balancer_sec_grp
+}
+
+output "kms_key" {
+  value = aws_kms_key.encryption_key_ecr
+}
+
+output "kms_key_name" {
+  value = aws_kms_alias.kms_alias_ecr
+}
+
+output "alb_logs_s3_bucket" {
+  value = aws_s3_bucket.alb_logs_s3_bucket
+}
diff --git a/terraform/step2/variables.tf b/terraform/step2/variables.tf
new file mode 100644
index 00000000..c34d3fdf
--- /dev/null
+++ b/terraform/step2/variables.tf
@@ -0,0 +1,29 @@
+#VARIABLES
+
+variable "project_name" {
+  type = string
+}
+
+variable "vpc_name" {
+  type = string
+}
+
+variable "vpc_id" {
+  type = string
+}
+
+variable "aws_account" {
+  type = string
+}
+
+variable "aws_region" {
+  type = string
+}
+
+variable "s3_bucket_name" {
+  type = string
+}
+
+variable "ecs_task_role_name" {
+  type = string
+}
diff --git a/terraform/step3/ECR.tf b/terraform/step3/ECR.tf
new file mode 100644
index 00000000..4f36d449
--- /dev/null
+++ b/terraform/step3/ECR.tf
@@ -0,0 +1,55 @@
+# CREATE AWS PRIVATE REPO
+resource "aws_ecr_repository" "private_repo" {
+  count = length(var.ecr_names)
+  name  = var.ecr_names[count.index]
+  #image_tag_mutability = "IMMUTABLE"
+  image_scanning_configuration {
+    scan_on_push = true
+  }
+  encryption_configuration {
+    encryption_type = "KMS"
+    kms_key         = var.kms_key
+  }
+  tags = {
+    Name = "Private ECR Repository for ${var.ecr_names[count.index]}"
+  }
+}
+
+
+resource "aws_ecr_lifecycle_policy" "only_3_image" {
+  count      = length(aws_ecr_repository.private_repo)
+  repository = aws_ecr_repository.private_repo.* [count.index].name
+  depends_on = [aws_ecr_repository.private_repo]
+  policy     = <<EOF
+  {
+    "rules": [
+      {
+        "rulePriority": 1,
+        "description": "Save 3 copies of tagged images",
+        "selection": {
+          "tagStatus": "tagged",
+          "tagPrefixList": ["master", "staging", "develop", "aws"],
+          "countType": "imageCountMoreThan",
+          "countNumber": 3
+        },
+        "action": {
+          "type": "expire"
+        }
+      },
+      {
+        "rulePriority": 2,
+        "description": "Delete all untagged images",
+        "selection": {
+          "tagStatus": "untagged",
+          "countType": "sinceImagePushed",
+          "countUnit": "days",
+          "countNumber": 1
+        },
+        "action": {
+          "type": "expire"
+        }
+      }
+    ]
+  }
+  EOF
+}
diff --git a/terraform/step3/variables.tf b/terraform/step3/variables.tf
new file mode 100644
index 00000000..abe0225a
--- /dev/null
+++ b/terraform/step3/variables.tf
@@ -0,0 +1,9 @@
+#VARIABLES
+
+variable "ecr_names" {
+  type = list(string)
+}
+
+variable "kms_key" {
+  type = string
+}
diff --git a/terraform/step4/EC2.tf b/terraform/step4/EC2.tf
new file mode 100644
index 00000000..42075cb4
--- /dev/null
+++ b/terraform/step4/EC2.tf
@@ -0,0 +1,72 @@
+# PEM key
+resource "tls_private_key" "rsa_key_for_ssh" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "aws_key_pair" "ssh_key" {
+  key_name   = "${var.vpc_name}-EC2-instance-SSH-key"
+  public_key = tls_private_key.rsa_key_for_ssh.public_key_openssh
+}
+
+resource "local_file" "ssh_private_key" {
+  content  = tls_private_key.rsa_key_for_ssh.private_key_pem
+  filename = "${path.module}/Pem_key/dtm.pem"
+}
+
+
+# # TEST EC2 on private subnet
+# resource "aws_instance" "ec2-private" {
+#   ami                         = var.private_ec2_instance_ami
+#   instance_type               = "t2.micro"
+#   key_name                    = aws_key_pair.ssh_key.key_name
+#   subnet_id                   = var.vpc_private_subnets[0]
+#   vpc_security_group_ids      = [var.ec2_sec_grp]
+#   iam_instance_profile        = "${var.project_name}-ec2-profile"
+#   user_data                   = file("${path.module}/Userdata/ec2-base.sh")
+#   associate_public_ip_address = false
+
+#   root_block_device{
+#     volume_size = "40"
+#   }
+
+#   metadata_options {
+#     http_endpoint = "enabled"
+#     http_tokens   = "required"
+#   }
+
+#   tags = {
+#     Name = "${var.project_name}-ec2-private-test"
+#   }
+# }
+
+
+# TEST EC2 on Public subnet
+resource "aws_instance" "ec2-public" {
+  ami           = var.public_ec2_instance_ami
+  instance_type = "t2.micro"
+  tags = {
+    Name = "ec2-public-test-dtm"
+  }
+  root_block_device {
+    volume_size = "40"
+  }
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
+  key_name                    = aws_key_pair.ssh_key.key_name
+  subnet_id                   = var.vpc_public_subnets[0]
+  vpc_security_group_ids      = [var.ec2_sec_grp]
+  associate_public_ip_address = true
+}
+
+
+#Elastic IP for Public EC2
+resource "aws_eip" "ec2-eip" {
+  instance = aws_instance.ec2-public.id
+  vpc      = true
+  tags = {
+    "Name" = "${var.project_name}-public-ec2-eip"
+  }
+}
diff --git a/terraform/step4/RDS_Databases.tf b/terraform/step4/RDS_Databases.tf
new file mode 100644
index 00000000..58f5b289
--- /dev/null
+++ b/terraform/step4/RDS_Databases.tf
@@ -0,0 +1,73 @@
+#Subnet Groups for DB
+resource "aws_db_subnet_group" "db_subnet_grp" {
+  name        = "${var.project_name}-db-subnetgrp"
+  description = "Subnet group for databases"
+  subnet_ids  = var.vpc_public_subnets[*]
+  tags = {
+    Name = "${var.project_name}-db-subnetgrp"
+  }
+}
+
+#Document DB parameter group
+# resource "aws_docdb_cluster_parameter_group" "doc_db_pmg" {
+#   family      = "docdb5.0"
+#   name        = "${var.project_name}-document-db-pmg"
+#   description = "docdb cluster parameter group for ${var.project_name}"
+
+#   parameter {
+#     name  = "tls"
+#     value = "disabled"
+#   }
+# }
+
+# #Document DB cluster
+# resource "aws_docdb_cluster" "docdb" {
+#   cluster_identifier              = "${var.project_name}-docdb-cluster"
+#   engine                          = "docdb"
+#   master_username                 = var.document_db_root_username
+#   master_password                 = var.document_db_root_password
+#   backup_retention_period         = 7
+#   preferred_backup_window         = "01:15-02:15"
+#   skip_final_snapshot             = true
+#   deletion_protection             = false
+#   db_subnet_group_name            = aws_db_subnet_group.db_subnet_grp.id
+#   vpc_security_group_ids          = [var.docdb_sec_grp]
+#   db_cluster_parameter_group_name = aws_docdb_cluster_parameter_group.doc_db_pmg.name
+# }
+
+#Add Instance to DocumentDB cluster
+# resource "aws_docdb_cluster_instance" "docdb_cluster_instances" {
+#   count              = 1
+#   identifier         = "docdb-cluster-${var.project_name}-${count.index}"
+#   cluster_identifier = aws_docdb_cluster.docdb.id
+#   instance_class     = "db.t3.medium"
+# }
+
+# PostgreSQL
+resource "aws_db_instance" "postgresql_cluster" {
+  identifier                      = "${var.project_name}-db-postgresql"
+  allocated_storage               = 45
+  max_allocated_storage           = 100
+  engine                          = "postgres"
+  engine_version                  = "16.2" # The new version is 14.6-R1 - Please Sijan double check
+  auto_minor_version_upgrade      = false
+  instance_class                  = "db.t3.micro"
+  db_name                         = "dbadmin"
+  username                        = var.postgresql_root_username
+  password                        = var.postgresql_root_password
+  skip_final_snapshot             = true
+  apply_immediately               = true
+  deletion_protection             = false
+  publicly_accessible             = true
+  delete_automated_backups        = false
+  backup_retention_period         = 7
+  backup_window                   = "01:15-02:15"
+  db_subnet_group_name            = aws_db_subnet_group.db_subnet_grp.id
+  vpc_security_group_ids          = [var.psql_sec_grp]
+  enabled_cloudwatch_logs_exports = [
+    "postgresql",
+  ]
+  tags                            = {
+    Name = "${var.project_name}-db-postgresql"
+  }
+}
diff --git a/terraform/step4/REDIS.tf b/terraform/step4/REDIS.tf
new file mode 100644
index 00000000..e2205f82
--- /dev/null
+++ b/terraform/step4/REDIS.tf
@@ -0,0 +1,28 @@
+# Redis subnet group
+resource "aws_elasticache_subnet_group" "redis_subnet_grp" {
+  name        = "${var.project_name}-redis-subnet-grp"
+  description = "Subnet group for redis databases"
+  subnet_ids  = var.vpc_private_subnets[*]
+  tags = {
+    Name = "${var.project_name}-redis-subnet-grp"
+  }
+}
+
+
+# Redis-main
+resource "aws_elasticache_cluster" "redis-main" {
+  cluster_id           = "${var.project_name}-redis-main-cluster"
+  engine               = "redis"
+  node_type            = "cache.t2.small"
+  num_cache_nodes      = 1
+  parameter_group_name = "default.redis4.0"
+  engine_version       = "4.0.10"
+  port                 = 6379
+  subnet_group_name    = aws_elasticache_subnet_group.redis_subnet_grp.id
+  security_group_ids   = [var.redis_sec_grp]
+  apply_immediately    = true
+
+  tags = {
+    Name = "${var.project_name}-redis-main-cluster"
+  }
+}
diff --git a/terraform/step4/Userdata/ec2-base.sh b/terraform/step4/Userdata/ec2-base.sh
new file mode 100644
index 00000000..2b796501
--- /dev/null
+++ b/terraform/step4/Userdata/ec2-base.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Update the system
+apt update && apt upgrade -y
+
+# Install software
+snap install docker
+apt install awscli postgresql-client
+
+# Add docker permissions for ssm-user
+#groupadd -g 1005 docker
+#usermod -a -G docker ssm-user
+
+# Reboot the system
+sleep 10
+reboot
diff --git a/terraform/step4/output.tf b/terraform/step4/output.tf
new file mode 100644
index 00000000..ee06f532
--- /dev/null
+++ b/terraform/step4/output.tf
@@ -0,0 +1,11 @@
+output "postgres_endpoint" {
+  value = aws_db_instance.postgresql_cluster
+}
+
+# output "mongo_endpoint" {
+#   value = aws_docdb_cluster_instance.docdb_cluster_instances[0].endpoint
+# }
+
+output "redis_main_endpoint" {
+  value = aws_elasticache_cluster.redis-main.configuration_endpoint
+}
diff --git a/terraform/step4/variables.tf b/terraform/step4/variables.tf
new file mode 100644
index 00000000..d740ca1f
--- /dev/null
+++ b/terraform/step4/variables.tf
@@ -0,0 +1,60 @@
+#VARIABLES
+
+variable "project_name" {
+  type = string
+}
+
+variable "vpc_name" {
+  type = string
+}
+
+variable "vpc_private_subnets" {
+  type = list(string)
+}
+
+variable "vpc_public_subnets" {
+  type = list(string)
+}
+
+variable "ec2_sec_grp" {
+  type = string
+}
+
+
+variable "psql_sec_grp" {
+  type = string
+}
+
+variable "docdb_sec_grp" {
+  type = string
+}
+
+variable "redis_sec_grp" {
+  type = string
+}
+
+
+variable "public_ec2_instance_ami" {
+  type = string
+}
+
+variable "private_ec2_instance_ami" {
+  type = string
+}
+
+
+# variable "document_db_root_username" {
+#   type = string
+# }
+
+# variable "document_db_root_password" {
+#   type = string
+# }
+
+variable "postgresql_root_username" {
+  type = string
+}
+
+variable "postgresql_root_password" {
+  type = string
+}
diff --git a/terraform/step6/ECS_AutoScaling.tf b/terraform/step6/ECS_AutoScaling.tf
new file mode 100644
index 00000000..fab0490a
--- /dev/null
+++ b/terraform/step6/ECS_AutoScaling.tf
@@ -0,0 +1,56 @@
+#CREATE AUTOSCALING TARGET FOR dtm
+resource "aws_appautoscaling_target" "dtm_scaling_target" {
+  max_capacity       = 3
+  min_capacity       = 1
+  resource_id        = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.dtm_service.name}"
+  scalable_dimension = "ecs:service:DesiredCount"
+  service_namespace  = "ecs"
+}
+
+#CREATE AUTOSCALING POLICY FOR dtm
+resource "aws_appautoscaling_policy" "dtm_scaling_policy" {
+  name               = "dtm-scaling-policy"
+  policy_type        = "TargetTrackingScaling"
+  resource_id        = aws_appautoscaling_target.dtm_scaling_target.resource_id
+  scalable_dimension = aws_appautoscaling_target.dtm_scaling_target.scalable_dimension
+  service_namespace  = aws_appautoscaling_target.dtm_scaling_target.service_namespace
+  depends_on         = [aws_appautoscaling_target.dtm_scaling_target]
+
+  target_tracking_scaling_policy_configuration {
+    target_value       = 40
+    scale_in_cooldown  = 30
+    scale_out_cooldown = 10
+    predefined_metric_specification {
+      predefined_metric_type = "ECSServiceAverageCPUUtilization"
+    }
+  }
+}
+
+
+#CREATE AUTOSCALING TARGET FOR dtm WORKER
+# resource "aws_appautoscaling_target" "dtm_worker_scaling_target" {
+#   max_capacity       = 1
+#   min_capacity       = 1
+#   resource_id        = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.dtm_worker_service.name}"
+#   scalable_dimension = "ecs:service:DesiredCount"
+#   service_namespace  = "ecs"
+# }
+
+# #CREATE AUTOSCALING POLICY FOR dtm WORKER
+# resource "aws_appautoscaling_policy" "dtm_worker_scaling_policy" {
+#   name               = "dtm-worker-scaling-policy"
+#   policy_type        = "TargetTrackingScaling"
+#   resource_id        = aws_appautoscaling_target.dtm_worker_scaling_target.id
+#   scalable_dimension = aws_appautoscaling_target.dtm_worker_scaling_target.scalable_dimension
+#   service_namespace  = aws_appautoscaling_target.dtm_worker_scaling_target.service_namespace
+#   depends_on         = [aws_appautoscaling_target.dtm_worker_scaling_target]
+
+#   target_tracking_scaling_policy_configuration {
+#     target_value       = 40
+#     scale_in_cooldown  = 30
+#     scale_out_cooldown = 10
+#     predefined_metric_specification {
+#       predefined_metric_type = "ECSServiceAverageCPUUtilization"
+#     }
+#   }
+# }
diff --git a/terraform/step6/ECS_Cluster.tf b/terraform/step6/ECS_Cluster.tf
new file mode 100644
index 00000000..8b9f452d
--- /dev/null
+++ b/terraform/step6/ECS_Cluster.tf
@@ -0,0 +1,15 @@
+#CREATE NAMESPACE
+resource "aws_service_discovery_http_namespace" "namespace" {
+  name        = "${var.project_name}-${var.vpc_name}-namespace"
+  description = "Namespace for service discovery"
+}
+
+# Create a new ECS cluster
+resource "aws_ecs_cluster" "cluster" {
+  name = var.ecs_cluster_name
+
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
+}
diff --git a/terraform/step6/ECS_Service.tf b/terraform/step6/ECS_Service.tf
new file mode 100644
index 00000000..e69deffd
--- /dev/null
+++ b/terraform/step6/ECS_Service.tf
@@ -0,0 +1,56 @@
+# Create dtm service to run on the cluster
+resource "aws_ecs_service" "dtm_service" {
+  name                   = "dtm"
+  cluster                = aws_ecs_cluster.cluster.id
+  task_definition        = aws_ecs_task_definition.dtm.arn
+  desired_count          = 1
+  launch_type            = "FARGATE"
+  enable_execute_command = true
+  force_new_deployment   = true
+  health_check_grace_period_seconds = 15
+
+
+  load_balancer {
+    target_group_arn = aws_lb_target_group.dtm_target_group.arn
+    container_name   = "dtm"
+    container_port   = 8000
+  }
+
+  network_configuration {
+    assign_public_ip = false
+    subnets          = var.vpc_private_subnets[*]
+    security_groups  = [var.ecs_sec_grp]
+  }
+
+  deployment_controller {
+    type = "ECS"
+  }
+  deployment_circuit_breaker {
+    enable   = true
+    rollback = true
+  }
+}
+
+# resource "aws_ecs_service" "dtm_worker_service" {
+#   name                   = "dtm-worker"
+#   cluster                = aws_ecs_cluster.cluster.id
+#   task_definition        = aws_ecs_task_definition.dtm_worker.arn
+#   desired_count          = 1
+#   launch_type            = "FARGATE"
+#   enable_execute_command = true
+#   force_new_deployment   = true
+
+#   network_configuration {
+#     assign_public_ip = false
+#     subnets          = var.vpc_private_subnets[*]
+#     security_groups  = [var.ecs_sec_grp]
+#   }
+
+#   deployment_controller {
+#     type = "ECS"
+#   }
+#   deployment_circuit_breaker {
+#     enable   = true
+#     rollback = true
+#   }
+# }
diff --git a/terraform/step6/ECS_TaskDefinitions.tf b/terraform/step6/ECS_TaskDefinitions.tf
new file mode 100644
index 00000000..d1b7d23f
--- /dev/null
+++ b/terraform/step6/ECS_TaskDefinitions.tf
@@ -0,0 +1,97 @@
+# Define a task definition for the fastapi service
+resource "aws_ecs_task_definition" "dtm" {
+  family                   = "fastapi-tdf"
+  execution_role_arn       = "arn:aws:iam::${var.aws_account}:role/${var.ecs_task_role_name}"
+  task_role_arn            = "arn:aws:iam::${var.aws_account}:role/${var.ecs_task_role_name}"
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = 256
+  memory                   = 512
+
+  container_definitions = <<TASK_DEFINATION
+  [
+    {
+      "name" : "dtm",
+      "image" : "${var.dtm_fastapi_image}",
+      "essential": true,
+      "portMappings" : [
+        {
+          "name" : "dtm-8000-tcp",
+          "containerPort" : 8000,
+          "hostPort" : 8000,
+          "protocol" : "tcp",
+          "appProtocol" : "http"
+        }
+      ],
+      "essential" : true,
+      "environment" : [],
+      "environmentFiles" : [
+        {
+          "value" : "arn:aws:s3:::${var.s3_bucket_name}/envfile.env",
+          "type" : "s3"
+        }
+      ],
+      "mountPoints" : [],
+      "volumesFrom" : [],
+      "logConfiguration" : {
+        "logDriver" : "awslogs",
+        "options" : {
+          "awslogs-create-group" : "true",
+          "awslogs-group" : "/ecs/${var.project_name}-fastapi-tdf",
+          "awslogs-region" : "${var.aws_region}",
+          "awslogs-stream-prefix" : "ecs"
+        }
+      },
+      "healthCheck": {
+        "command": [
+            "CMD-SHELL",
+            "curl --fail http://localhost:8000/admin/login/ || exit 0"
+        ],
+        "interval": 30,
+        "timeout": 10,
+        "retries": 2,
+        "startPeriod": 10
+      }
+    }
+  ]
+  TASK_DEFINATION
+  runtime_platform {
+    cpu_architecture        = "X86_64"
+    operating_system_family = "LINUX"
+  }
+}
+
+
+# resource "aws_ecs_task_definition" "dtm_worker" {
+#   family                   = "dtm-worker-tdf"
+#   execution_role_arn       = "arn:aws:iam::${var.aws_account}:role/${var.ecs_task_role_name}"
+#   task_role_arn            = "arn:aws:iam::${var.aws_account}:role/${var.ecs_task_role_name}"
+#   network_mode             = "awsvpc"
+#   requires_compatibilities = ["FARGATE"]
+#   cpu                      = 512
+#   memory                   = 2048
+
+#   container_definitions = <<TASK_DEFINATION
+#   [
+#     {
+#       "name" : "dtm-worker",
+#       "image" : "${var.dtm_fastapi_image}",
+#       "essential": true,
+#       "portMappings" : [],
+#       "essential" : true,
+#       "entrypoint": ["celery", "-A", "dtm", "worker", "-l", "INFO", "--autoscale=12,4", "-Q", "default,manage_forms,submission,longqueue,workflow"],
+#       "environment" : [],
+#       "environmentFiles" : [
+#         {
+#           "value" : "arn:aws:s3:::${var.s3_bucket_name}/envfile.env",
+#           "type" : "s3"
+#         }
+#       ]
+#     }
+#   ]
+#   TASK_DEFINATION
+#   runtime_platform {
+#     cpu_architecture        = "X86_64"
+#     operating_system_family = "LINUX"
+#   }
+# }
diff --git a/terraform/step6/LB_Loadbalancer.tf b/terraform/step6/LB_Loadbalancer.tf
new file mode 100644
index 00000000..26364c27
--- /dev/null
+++ b/terraform/step6/LB_Loadbalancer.tf
@@ -0,0 +1,52 @@
+# CREATE APPLICATION LOADBALANCER
+resource "aws_lb" "load_balancer" {
+  name                       = var.ecs_loadbalancer_name
+  internal                   = false
+  load_balancer_type         = "application"
+  drop_invalid_header_fields = true
+  subnets                    = var.vpc_public_subnets[*]
+  security_groups            = [var.load_balancer_sec_grp]
+
+  enable_deletion_protection       = false
+  enable_cross_zone_load_balancing = true
+  idle_timeout                     = 180
+
+  access_logs {
+    bucket  = var.alb_logs_s3_bucket
+    prefix  = "${var.project_name}-lb"
+    enabled = true
+  }
+
+  tags = {
+    Name = var.ecs_loadbalancer_name
+  }
+}
+
+# ASSIGN HTTPS LISTENER TO ALB
+resource "aws_lb_listener" "http_lb_listener" {
+  load_balancer_arn = aws_lb.load_balancer.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    target_group_arn = aws_lb_target_group.dtm_target_group.arn
+    type             = "forward"
+  }
+}
+
+# # ASSIGN HTTP LISTENER TO ALB
+# resource "aws_lb_listener" "http_lb_listener" {
+#   load_balancer_arn = aws_lb.load_balancer.arn
+#   port              = 80
+#   protocol          = "HTTP"
+
+#   default_action {
+#     type = "redirect"
+
+#     redirect {
+#       port        = "443"
+#       protocol    = "HTTPS"
+#       status_code = "HTTP_301"
+#     }
+#   }
+# }
diff --git a/terraform/step6/LB_RoutingRules.tf b/terraform/step6/LB_RoutingRules.tf
new file mode 100644
index 00000000..83122c03
--- /dev/null
+++ b/terraform/step6/LB_RoutingRules.tf
@@ -0,0 +1,37 @@
+#Assign dtm routing rule to Listener
+resource "aws_lb_listener_rule" "dtm_routing" {
+  listener_arn = aws_lb_listener.http_lb_listener.arn
+  priority     = 5
+
+  action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.dtm_target_group.arn
+  }
+
+  condition {
+    host_header {
+      values = ["${var.dtm_subdomain}.${var.domain}"]
+    }
+  }
+}
+
+#Assign dtm routing rule to Listener
+resource "aws_lb_listener_rule" "dtm_redirect_routing" {
+  listener_arn = aws_lb_listener.http_lb_listener.arn
+  priority     = 6
+
+  action {
+    type = "redirect"
+
+    redirect {
+      host        = "${var.dtm_subdomain}.${var.domain}"
+      status_code = "HTTP_301"
+    }
+  }
+
+  condition {
+    host_header {
+      values = ["${var.domain}"]
+    }
+  }
+}
diff --git a/terraform/step6/LB_TargetGroups.tf b/terraform/step6/LB_TargetGroups.tf
new file mode 100644
index 00000000..f600465c
--- /dev/null
+++ b/terraform/step6/LB_TargetGroups.tf
@@ -0,0 +1,42 @@
+#Create a dtm target group for the load balancer
+resource "aws_lb_target_group" "dtm_target_group" {
+  name        = "dtm-target-group"
+  port        = 80
+  protocol    = "HTTP"
+  vpc_id      = var.vpc_id
+  target_type = "ip"
+
+
+  health_check {
+    interval            = 40
+    path                = "/"
+    port                = 8000
+    protocol            = "HTTP"
+    timeout             = 30
+    healthy_threshold   = 2
+    unhealthy_threshold = 4
+    matcher             = "200-400"
+  }
+}
+
+
+#Create a dtm-Fastapi target group for the load balancer
+resource "aws_lb_target_group" "fastapi_target_group" {
+  name        = "fastapi-target-group"
+  port        = 80
+  protocol    = "HTTP"
+  vpc_id      = var.vpc_id
+  target_type = "ip"
+
+
+  health_check {
+    interval            = 30
+    path                = "/"
+    port                = 8000
+    protocol            = "HTTP"
+    timeout             = 29
+    healthy_threshold   = 5
+    unhealthy_threshold = 10
+    matcher             = "404"
+  }
+}
diff --git a/terraform/step6/ROUTE53.tf b/terraform/step6/ROUTE53.tf
new file mode 100644
index 00000000..21886987
--- /dev/null
+++ b/terraform/step6/ROUTE53.tf
@@ -0,0 +1,31 @@
+# resource "aws_route53_record" "enketo_subdomain" {
+#   zone_id = var.route53_zone_id
+#   name    = var.enketo_subdomain
+#   type    = "CNAME"
+#   ttl     = 300
+#   records = [aws_lb.load_balancer.dns_name]
+# }
+
+# resource "aws_route53_record" "kpi_subdomain" {
+#   zone_id = var.route53_zone_id
+#   name    = var.kpi_subdomain
+#   type    = "CNAME"
+#   ttl     = 300
+#   records = [aws_lb.load_balancer.dns_name]
+# }
+
+# resource "aws_route53_record" "kobocat_subdomain" {
+#   zone_id = var.route53_zone_id
+#   name    = var.kobocat_subdomain
+#   type    = "CNAME"
+#   ttl     = 300
+#   records = [aws_lb.load_balancer.dns_name]
+# }
+
+# resource "aws_route53_record" "zite_subdomain" {
+#   zone_id = var.route53_zone_id
+#   name    = var.zite_subdomain
+#   type    = "CNAME"
+#   ttl     = 300
+#   records = [aws_lb.load_balancer.dns_name]
+# }
diff --git a/terraform/step6/variables.tf b/terraform/step6/variables.tf
new file mode 100644
index 00000000..30685988
--- /dev/null
+++ b/terraform/step6/variables.tf
@@ -0,0 +1,88 @@
+#VARIABLES
+
+variable "project_name" {
+  type = string
+}
+
+variable "vpc_name" {
+  type = string
+}
+
+variable "vpc_id" {
+  type = string
+}
+
+variable "aws_account" {
+  type = string
+}
+
+variable "aws_region" {
+  type = string
+}
+
+variable "vpc_private_subnets" {
+  type = list(string)
+}
+
+variable "vpc_private_subnets_count" {
+  type = list(string)
+}
+
+variable "vpc_public_subnets" {
+  type = list(string)
+}
+
+variable "ecs_cluster_name" {
+  type = string
+}
+
+variable "ecs_loadbalancer_name" {
+  type = string
+}
+
+variable "ecs_task_role_name" {
+  type = string
+}
+
+variable "ecs_sec_grp" {
+  type = string
+}
+
+variable "SSL_certificate_arn" {
+  type = string
+}
+
+variable "load_balancer_sec_grp" {
+  type = string
+}
+
+
+variable "s3_bucket_name" {
+  type = string
+}
+
+variable "kms_key" {
+  type = string
+}
+
+# ====================== IMAGES ==================== #
+
+variable "dtm_fastapi_image" {
+  type    = string
+  default = "dtm-fastapi-image"
+}
+
+variable "alb_logs_s3_bucket" {
+  type = string
+}
+
+# ====================== Routing Rules Domains ==================== #
+variable "domain" {
+  type    = string
+  default = "yourdomain.com"
+}
+
+variable "dtm_subdomain" {
+  type    = string
+  default = "yoursubdomain.com"
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 00000000..2e7bf6f1
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,118 @@
+# ====================== GLOBALS ==================== #
+
+variable "aws_region" {
+  type    = string
+  default = "your_aws_region"
+}
+
+variable "aws_account" {
+  type    = string
+  default = "aws_account_id"
+}
+
+variable "project_name" {
+  type    = string
+  default = "your_project_name"
+}
+
+
+# ====================== VPC ==================== #
+variable "vpc_name" {
+  type    = string
+  default = "your_vpc_name"
+}
+
+variable "vpc_cidr_block" {
+  type    = string
+  default = "vpccidrblock"
+}
+
+variable "vpc_private_subnets" {
+  type    = list(string)
+  default = ["vpcprivatecidrblock"]
+}
+
+variable "vpc_public_subnets" {
+  type    = list(string)
+  default = ["vpcpubliccidrblock"]
+}
+
+variable "availability_zones" {
+  type    = list(string)
+  default = ["ap-south-1a", "ap-south-1b", "ap-south-1c"]
+}
+
+
+# ====================== ECR ==================== #
+variable "ecr_names" {
+  type    = list(string)
+  default = ["your_ecr_name"]
+}
+
+
+
+# # ====================== EFS ==================== #
+# variable "efs_creation_token" {
+#   type        = string
+#   default     = "zite-data"
+#   description = "Creation token for the EFS file system"
+# }
+
+# ====================== EC2 ==================== #
+variable "public_ec2_instance_ami" {
+  type    = string
+  default = "yourec2_public_ami_image_name" #Ubuntu Server 22.04 LTS
+}
+
+variable "private_ec2_instance_ami" {
+  type    = string
+  default = "your_ec2_private_ami_name" #Ubuntu Server 22.04 LTS
+}
+
+
+# ====================== ECS ==================== #
+variable "ecs_cluster_name" {
+  type        = string
+  default     = "dtm-ecs-cluster"
+  description = "Cluster name for ECS cluster"
+}
+
+variable "ecs_loadbalancer_name" {
+  type        = string
+  default     = "dtm-load-balancer"
+  description = "Cluster name for ECS cluster"
+}
+
+variable "ecs_task_role_name" {
+  type        = string
+  default     = "dtmecsTaskExecutionRole"
+  description = "IAM role used in the ECS Tasks"
+}
+
+
+# ====================== ALB ==================== #
+variable "SSL_certificate_arn" {
+  type        = string
+  description = "SSL Certificate ARN for zite.zite.io"
+  default     = "ssl-certificate-arn"
+}
+
+
+# ====================== S3 ==================== #
+variable "s3_bucket_name" {
+  type    = string
+  default = "s3bucketname"
+}
+
+
+variable "postgresql_root_username" {
+  type        = string
+  default     = "postgresusername"
+  description = "Root username for PostgreSQL"
+}
+
+variable "postgresql_root_password" {
+  type        = string
+  default     = "postgrespassword"
+  description = "Root user password for PostgreSQL"
+}